python dis模块和ctf中的python字节码逆向-爱代码爱编程

3 34 LOAD_CONST 0 (0)
36 LOAD_CONST 2 ((‘reduce’,))
38 IMPORT_NAME 4 (functools)
40 IMPORT_FROM 5 (reduce)
42 STORE_NAME 6 (r)

以上这段代码节选自一道ctf reverse题的唯一附件txt，它是python dis模块的输出结果。
输出结果中，比较重要的明显是指令名称和注释。从注释可以推测其对应的源代码是

from functools import reduce as r

在正常使用过程中，一般是dis.dis(“此处放python代码字符串或者python文件，或者其它更复杂的python对象，比如协程”)，目的是探究python底层，比如切片的实现等问题。
可以通过在github cpython repository中搜TARGET(NOP)、TARGET(BINARY_SUBSCR) 等内容来找到具体实现。

此处给出这道题目的字节码-python源码对照，题目来自第三届陕西省网安大赛。

1180 FOR_ITER 38 (to 1258)
1182 STORE_NAME 30 (i)
175 1184 LOAD_NAME 33 (value)
1186 LOAD_NAME 30 (i)
1188 BINARY_SUBSCR
1198 STORE_NAME 35 (temp)
176 1200 PUSH_NULL
1202 LOAD_NAME 36 (chr)
1204 PUSH_NULL
1206 LOAD_NAME 37 (ord)
1208 LOAD_NAME 35 (temp)
1210 PRECALL 1
1214 CALL 1
1224 LOAD_CONST 152 (3)
1226 BINARY_OP 0 (+)
1230 PRECALL 1
1234 CALL 1
1244 STORE_NAME 35 (temp)
177 1246 LOAD_NAME 34 (output)
1248 LOAD_NAME 35 (temp)
1250 BINARY_OP 13 (+=)
1254 STORE_NAME 34 (output)
1256 JUMP_BACKWARD 39 (to 1180)

for i in range(len(flag)):
	temp = value[i]
	temp = chr(ord(temp) + 3)
	output += temp

215 1840 LOAD_NAME 49 (obfuscated_output)
1842 LOAD_CONST 1 (None)
1844 LOAD_CONST 1 (None)
1846 LOAD_CONST 163 (-1)
1848 BUILD_SLICE 3
1850 BINARY_SUBSCR
1860 STORE_NAME 49 (obfuscated_output)
218 1862 LOAD_NAME 49 (obfuscated_output)
1864 LOAD_METHOD 50 (replace)
1886 LOAD_CONST 166 (‘g’)
1888 LOAD_CONST 167 (‘1’)
1890 PRECALL 2
1894 CALL 2
1904 LOAD_METHOD 50 (replace)
1926 LOAD_CONST 168 (‘H’)
1928 LOAD_CONST 169 (‘3’)
1930 PRECALL 2
1934 CALL 2
1944 LOAD_METHOD 50 (replace)
1966 LOAD_CONST 170 (‘W’)
1968 LOAD_CONST 171 (‘9’)
1970 PRECALL 2
1974 CALL 2
1984 STORE_NAME 49 (obfuscated_output)

obfuscated_output = obfuscated_output[::-1]
obfuscated_output = obfuscated_output.replace('g', '1')
obfuscated_output = obfuscated_output.replace('H', '3')
obfuscated_output = obfuscated_output.replace('W', '9')